URLhaus Database

You are currently viewing the URLhaus database entry for https://citi-tours.com/iat/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634817
URL: https://citi-tours.com/iat/?1
URL Status: Offline
Host: citi-tours.com
Date added: 2023-05-16 21:53:22 UTC
Last online: 2023-05-18 21:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 21:54:37 UTC to abuse{at}godaddy[dot]com)
Takedown time: 1 day, 23 hours, 40 minutes (Poor; down since 2023-05-18 21:35:10 UTC)
Tags: BB28, geofenced, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
